top of page

Data Protection Policy

POLICY FRAMEWORK

1. Purpose

Asili Retreats values the privacy and security of our guests, staff, and partners. This Data Protection Policy sets out how we collect, use, store, and safeguard personal data in line with applicable data protection laws, including the Kenya Data Protection Act (2019) and, where relevant, the General Data Protection Regulation (GDPR).

2. Scope

This policy applies to:

  • All guests and participants at Asili Retreats.
     

  • All employees, contractors, volunteers, and partners handling personal data on behalf of Asili Retreats.
     

  • All personal data collected through our website, booking systems, emails, forms, or in person.
     

3. Principles

Asili Retreats commits to the following data protection principles:

  1. Lawfulness, fairness, and transparency – We process personal data lawfully and transparently.
     

  2. Purpose limitation – Data is collected for specific, explicit, and legitimate purposes.
     

  3. Data minimization – We only collect data that is necessary.
     

  4. Accuracy – We keep personal data accurate and up to date.
     

  5. Storage limitation – We retain data only for as long as necessary.
     

  6. Integrity and confidentiality – We protect data with appropriate security measures.
     

4. Data Collected

We may collect the following types of personal data:

  • Identification details: Name, contact number, email, postal address.
     

  • Booking details: Retreat dates, accommodation preferences, payment details.
     

  • Health and wellness information: Only where necessary (e.g., allergies, dietary restrictions, emergency contact details, or health conditions relevant to retreat participation).
     

Marketing preferences: Consent to receive newsletters, updates, or promotions.

DATA HANDLING AND PROTECTION

5. Legal Basis for Processing

We process personal data based on:

  • Contract: To provide services as part of a booking or retreat participation.
     

  • Consent: For marketing communications or sensitive health information.
     

  • Legal obligation: Where required by law or regulation.
     

  • Legitimate interest: For internal business administration and service improvement.
     

6. Data Sharing and Disclosure

  • We do not sell or rent personal data.
     

  • Data may be shared with:
     

    • Service providers (e.g., payment processors, accommodation partners, wellness practitioners) under confidentiality agreements.
       

    • Authorities, if required by law.
       

  • Any data sharing will follow strict confidentiality and data security standards.
     

7. Data Storage and Security

  • Personal data is stored securely in electronic and/or physical formats.
     

  • Security measures include encrypted databases, secure passwords, and limited access.
     

  • Paper records are stored in locked facilities with restricted access.
     

8. Data Retention

  • Guest booking and financial records: retained for 7 years in line with accounting and legal requirements.
     

  • Health and wellness forms: retained for 1 year after retreat participation, unless longer retention is required for legal purposes.
     

Marketing contact information: retained until consent is withdrawn.

RIGHTS, BREACHES AND CONTRACTS

9. Rights of Data Subjects

Guests and staff have the right to:

  • Access their personal data.
     

  • Request corrections or updates.
     

  • Request deletion (“right to be forgotten”).
     

  • Restrict or object to processing.
     

  • Withdraw consent at any time (for marketing or health data).
     

Requests may be sent to asiliretreats@gmail.com.

10. Data Breach Management

  • Any suspected data breach will be assessed immediately.
     

  • Where required, affected individuals and the Office of the Data Protection Commissioner (ODPC) or relevant authority will be notified within legal timeframes.
     

11. Policy Review

This policy will be reviewed annually or when there are changes in data protection laws or Asili Retreats’ operations.

12. Contact

For questions, requests, or concerns regarding data protection at Asili Retreats, please contact:
Data Protection Officer
Email: asiliretreats@gmail.com
Phone: +254 721 373 867

Asili Retreats yoga blocks and sound healing bowls
bottom of page